FIDS - File System Integrity Checkers...

Folks, I'm looking for info about FIDS (File System-based IDS) in order to track file system changes (executables, libraries, shell scripts, ....) and thereby "guarantee*" my file system integrity.
As a good AO member I have performed a quick search on Google and I found the following list of tools:
- AIDE (Advanced Intrusion Detection Environment)
- chkrootkit
- Dragon Squire
- FCheck
- integrit
- samhain
- ....

I intentionally didn't include Tripwire because it's commercial. Did I mention that I'm looking for an open source one for Linux?

I'm sure some AOs have experience with such tools; could you give some personal feedback?
You'll make my day!

Thanks

*Some will say that we can't guarantee anything, since some attackers could compromise the host and change log files, but ....

I used most of the tools you mentioned above, but Tripwire is what I use right now, and no, they have an open source version of Tripwire. Check www.tripwire.org (I had to edit this, since when I typed in tripwire.org without the www it sent me somewhere else, damn DNS!). You should be able to find previous RPMs/tarballs for this.

Other than the ones you've mentioned, I don't know of any others. I've used Tripwire before and my students use it in their Advanced class to muck around with. (Although I'm hearing rumblings from some of problems with Slack 9 and SourceForge Trip.)

I never used it, but from a quick look at it, it seems a bit painful to use:
- Tell me if I'm wrong, but it seems that the config requires specifying, file by file, what needs to be checked. Can't we do something like "any executable, library, ..."?
And what type of check does it perform, a checksum or file size?

Tripwire is the most popular now, but AIDE is supposed to be better. You should know that if you are hacked, any hacker will just modify or delete the database once they get root. To prevent that you can put it on a write-protected floppy if it will fit... or a CD. I'd use a FIDS and chkrootkit. After it is installed you run it to create the database of hashes, and after that you can run it periodically so it will create the hashes again and compare them to the hashes in the database. If any hashes have changed, it will alert you. How to install and use it is in the manual, install, or readme files. After reading those it shouldn't be so complicated.

Being a scriptkiddy is hazardous to your health.
It causes your body to be thrown into jail.
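To make the baseline-then-compare cycle described above concrete, and to answer the "file by file vs. any executable/library" and "checksum or size" questions, here is a small added example of the same idea (my own illustration, not code from AIDE, Tripwire or any other tool in this thread). It selects files by class (execute bit set, or a .sh/.so name), records a SHA-256 hash together with size and mode, and reports added, removed and modified files; the directory tree it scans is constructed inside the script.

```python
import hashlib
import os
import stat
import tempfile


def is_interesting(path):
    """Select files by class, not one by one: regular files with an execute bit, or scripts/libraries by name."""
    st = os.lstat(path)
    by_name = path.endswith((".sh", ".so")) or ".so." in os.path.basename(path)
    return stat.S_ISREG(st.st_mode) and (bool(st.st_mode & 0o111) or by_name)


def fingerprint(path):
    """Hash plus size and mode: a same-size edit and a permission change are both caught."""
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    st = os.lstat(path)
    return {"sha256": digest, "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root):
    """Walk the tree once and record a fingerprint for every selected file (the 'database')."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_interesting(path):
                baseline[os.path.relpath(path, root)] = fingerprint(path)
    return baseline


def compare(baseline, current):
    """Report what changed since the baseline: new, missing and altered files."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-scan and compare."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data, mode):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
            os.chmod(os.path.join(root, rel), mode)
        put("login", b"#!/bin/sh\nexec /bin/login\n", 0o755)
        put("libc.so.6", b"ELF placeholder\n", 0o644)
        put("notes.txt", b"not watched: no execute bit, not a script or library\n", 0o644)
        baseline = build_baseline(root)
        put("login", b"#!/bin/sh\nexec /bin/loqin\n", 0o755)  # same size, different content
        put("ls", b"trojaned\n", 0o755)                        # new executable appeared
        os.remove(os.path.join(root, "libc.so.6"))             # watched library vanished
        return baseline, compare(baseline, build_baseline(root))
```

As the post above points out, the baseline dict is only trustworthy if it is stored where a root-level attacker cannot rewrite it (read-only media or a separate host), which this script leaves to the operator.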

I ran into a tut for Tripwire somewhere. Sorry I can't think of it now, but I will post it for all to see when I find it. It's not my tut, but why reinvent the wheel if it's in a good format. I will find it and post it with the source so that you will have something else additional as a resource.

Re: FIDS - File System Integrity Checkers...

Originally posted here by Networker: Folks, I'm looking for info about FIDS (File System-based IDS) in order to track file system changes (executables, libraries, shell scripts, ....) and thereby "guarantee*" my file system integrity.